From bird flu to blizzards: Emergencies uncover limitations of ‘secure’ workforce planning

Rue Moody

(Editor's Note: This article first appeared in GSN's "Essential Guide to Disaster Preparedness," which accompanied our November 2010 print issue.)

Between the avian flu of 2005 and the blizzards of 2009, many government agencies have had to take a hard look at their IT plans for ensuring continuity of operations and workforce security. The results have, in some cases, been underwhelming -- pointing to a real need to create a strategy that allows not only for pandemic planning, but also for a secure workforce to address other federal IT initiatives, such as teleworking. 

This isn’t just an empty exercise. While the avian flu epidemic has run its course, the new strain of antibiotic-resistant influenza coming from India has claimed 22 lives, as of mid-August. The need for a sound pandemic plan is as great as ever. 

After the avian flu outbreak of 2005, the Bush administration introduced the National Strategy for Pandemic Influenza Implementation Plan. This national plan highlighted the importance of a comprehensive and effective program to ensure the uninterrupted continuation of essential federal government functions. This included a plan for human capital and technical requirements to ensure continuity of operations.

So, agencies have budgeted and are responsible for pandemic planning of their IT infrastructure. Many agencies with a pandemic plan have tried to use that planning for other continuity of operations functions. The results have not been uniformly successful, to put it kindly.

For example, some agencies’ pandemic plans required work laptops to be locked in a controlled access room and distributed to key personnel, as needed. The blizzard that shut down the federal government in 2009 uncovered the inherent weakness in that plan. Agencies that chose to implement this type of pandemic plan to allow remote work came to the unhappy realization that they had no access to secure laptops, which were locked away in secure rooms in now-closed agency offices.

More than a pandemic plan

In reality, the factors that must be considered when developing a pandemic plan are the same that enable agencies to improve secure workforce management. The key is to understand the access control needs of the agency, and to look closely at necessary IT efficiencies.

Whether revising a pandemic plan or improving a workforce’s overall security, lock down the data and control it properly. Remove data from endpoint devices (such as the secure laptops that sat idle in locked rooms during winter whiteout conditions). Leaving the data in the data center, where it can be accessed but not removed, fits both pandemic and secure workforce planning.

This means encrypted virtualization -- having a virtualized infrastructure in the data center, with encrypted data access. Web sites or other remote points must have security requirements to enable workers to gain access to the data. 

Your plans must address some process or technology in front of the data, between the data and the people trying to access it, to improve access without overtaxing the IT infrastructure, while also preventing malicious behavior, whether accidental or intentional.

WAN optimization and application delivery controllers in front of the data can give access to more people, while controlling the number of access points to the data itself. The caching and application firewalling that is part of an application delivery controller will prevent database servers from crashing as a result of too many remote access users.

You might already have a pandemic plan

A secure workplace plan, implemented correctly, with remote access capability is essentially the same as a pandemic plan. As long as you are requiring authentication in the workplace, that same requirement can serve your needs from any exterior remote point of access.

Virtualize the desktop and keep access securely controlled in the data center. That way, it doesn’t matter if the workforce is sitting in an agency office, a remote office, a home office or a hotel room across the country. In case of a pandemic or another crisis situation, your workforce can stay safely at home, with secure remote access to the same desktop they’d be using if they were in the work environment, with the same user privileges.

Your pandemic plan can take you a long way to a secure workforce, which is at the heart of teleworking and other federal initiatives. And, with the latest swine flu epidemic scare around the corner, now is the time to make sure your planning is solid. 
